Legal

Privacy Policy

Last updated: May 2, 2026

DazzleFlow ("we," "us," or "DazzleFlow") helps businesses understand why visitors don't convert. To do that, we process messages and signals visitors leave on the websites of our customers. This policy explains what we collect, why, and what choices you have.

1. Who this policy is for

This policy applies to two groups of people:

  • Customers — businesses that sign up for DazzleFlow and install our widget on their websites.
  • Visitors — people who interact with the DazzleFlow widget while browsing a customer's website.

For visitors, the customer that operates the website is the data controller; DazzleFlow acts as a data processor on their behalf. If you're a visitor and want to exercise your data rights, please reach out to the website operator first.

2. What we collect

From customers

  • Account details: name, email, company, password (hashed).
  • Billing information, processed by our payment provider.
  • Product usage: pages viewed, features used, errors encountered.

From visitors (via the widget)

  • Messages sent to the widget — including questions, hesitations, and other free-text input visitors choose to provide.
  • Behavioral signals on the host page: page URL, timestamps, referral source, scroll and click events.
  • Contact details visitors voluntarily provide (e.g. name, email, phone).
  • A widget identifier stored in browser storage so we can recognize a returning visitor across pages.

We do not intentionally collect special categories of personal data (health, biometrics, political views, etc.). Visitors should not share that information through the widget; if they do, customers are responsible for handling it under applicable law.

3. How we use the data

  • Classification. We pass visitor messages through AI models to classify friction (price, trust, timing, fit), readiness, and persona.
  • Recovery suggestions. We generate suggested follow-up actions and surface them to the customer.
  • Analytics. We compute aggregated metrics for the customer's dashboard.
  • Service operation. We use logs and error data to keep DazzleFlow running and to debug issues.
  • Communication. We email customers about their account, product updates, and support.

We do not use visitor data to train shared or general-purpose AI models. Visitor messages are not used to improve models for other customers.

4. Who we share data with

We share data only with service providers needed to operate DazzleFlow, under contracts that require them to protect it:

  • Hosting and infrastructure — Railway (United States) and the cloud providers it runs on.
  • AI providers — Anthropic and/or OpenAI, which process messages to return classifications. Inputs to these providers are not used for their own model training under our agreements.
  • Email delivery — used to send transactional and customer-initiated emails.
  • Payment processing — handled by a PCI-compliant payment provider; we do not store full card numbers.

We do not sell personal data. We do not share it for cross-context behavioral advertising.

5. International transfers

DazzleFlow primarily hosts data in the United States. If you access DazzleFlow from another country, your data will be transferred to those locations. Where required (e.g. EEA/UK), we rely on appropriate safeguards such as Standard Contractual Clauses.

6. Data retention

  • Visitor messages and signals: retained for the period the customer's account is active, and deleted (or anonymized) within 90 days of account closure or earlier on request.
  • Customer account data: retained while the account is active, and for up to 12 months after closure to satisfy legal/financial obligations.
  • Backups: rotated on a rolling basis and overwritten within 30 days.

7. Your rights

Depending on where you live, you may have the right to access, correct, delete, port, or restrict processing of your personal data, and to object to certain uses. To exercise these rights:

  • Customers: email hello@hoodazl.com from the address on your account.
  • Visitors: contact the website operator that runs the page where you interacted with the widget. They control what's done with your data and can route requests to us.

We respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

8. Cookies and storage

The widget uses browser storage to remember a visitor across pages on the same site. We don't use third-party advertising cookies. Customers can disable widget storage in their account settings, which limits our ability to deduplicate sessions.

9. Security

We use TLS in transit, encryption at rest where supported by our infrastructure, scoped database credentials, and access controls limited to authorized personnel. No system is perfectly secure; if we discover a breach affecting your data, we'll notify you and the relevant authorities as required by law.

10. Children

DazzleFlow isn't directed at children under 16, and we don't knowingly collect their data. If you believe a child has used our service, contact us and we'll delete the relevant information.

11. Changes to this policy

We may update this policy as the product and laws evolve. Material changes will be communicated by email to active customers and posted on this page with a new "last updated" date.

12. Contact

Questions about this policy or your data? Email hello@hoodazl.com.